Letsencrypt with htaccess

revengezp · Aug 5, 2016 · Viewed 21.8k times

This is my current htaccess configuration of /frontend/web:

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php

I am trying to insert this:

RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge/$

or

RewriteCond %{REQUEST_URI} ! /\.well-known|^\.well-known

above

RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]

to create a letsencrypt certificate, but none of this is working.

Letsencrypt command to create the certificate (debug because of CentOS 6):

./letsencrypt-auto --debug certonly --webroot -w /var/www/html/example.com/frontend/web/ --email [email protected] --domains example.com

letsencrypt error:

The following errors were reported by the server:

Domain: example.com
Type:   unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/%acme%

The link above leads me to the HTTPS version of the site. If I remove the redirect to HTTPS, I get a message about the successful receipt of the certificate. Conclusion: .well-known continues to be sent to HTTPS, so my settings did not work. What am I doing wrong?

Answer

Walf · Oct 25, 2016

The cleanest way to do this without having to change any rules is to add a separate rule, before all others, that effectively disables rewriting for files in the directory, like this:

RewriteRule ^\.well-known/.+ - [END]

You may wish to add a file existence check immediately before the rule so your custom error response page is shown rather than the server's default:

RewriteCond %{REQUEST_FILENAME} -f
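
The answer's rule merged into the question's .htaccess, as an added example (not code from either poster). It assumes the exemption is narrowed to the acme-challenge directory that the webroot plugin writes to, and it shows an [L] fallback for Apache 2.2, where [END] is not available.

```apache
# Added example: complete /frontend/web/.htaccess with the ACME exemption first.
RewriteEngine on

# 1. Serve HTTP-01 challenge files as-is over plain HTTP, before any other rule.
#    In .htaccess the RewriteRule pattern sees the path without its leading
#    slash, so the pattern starts at "\.well-known". %{REQUEST_URI} in a
#    RewriteCond keeps the leading slash, so a condition anchored as
#    "^.well-known" never matches "/.well-known/acme-challenge/<token>".
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^\.well-known/acme-challenge/.+ - [END]
# [END] requires Apache 2.4 (2.3.9 and later). On httpd 2.2, the stock
# version on CentOS 6, use [L] instead of the rule above:
# RewriteRule ^\.well-known/acme-challenge/.+ - [L]

# 2. Everything else is redirected to HTTPS (unchanged from the question).
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]

# 3. Front controller (unchanged from the question): existing files and
#    directories are served directly, anything else goes to index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
```

Because of the file existence check, a request for a challenge file that does not exist falls through to the HTTPS redirect, so only real token files are ever served over plain HTTP.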